Spring Security Web: 기본 웹 보안 표현 식 핸들 러 결 성 웹 보안 표현 식 프로세서
DefaultWebSecurityExpressionHandler
은 Spring Security Web
보안 표현 식 프로세서 Web
에 사 용 됩 니 다.이것 은 결 성 된 설정 과 그 당시 환경 을 바탕 으로 지정 한 handler
안전 표현 식 에 대해 값 을 구 할 것 입 니 다.Web
주어진 DefaultWebSecurityExpressionHandler
과 요청 컨 텍스트 token
에 대해 평가 컨 텍스트 FilterInvocation
를 만 듭 니 다.그리고 EvaluationContext
값 을 구 해서 사용 하도록 제공 합 니 다.예 를 들 어 SPEL
에서 이렇게 응용 되 었 다.public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
// expressionHandler DefaultWebSecurityExpressionHandler
private SecurityExpressionHandler<FilterInvocation> expressionHandler =
new DefaultWebSecurityExpressionHandler();
public int vote(Authentication authentication, FilterInvocation fi,
Collection<ConfigAttribute> attributes) {
assert authentication != null;
assert fi != null;
assert attributes != null;
// Web
WebExpressionConfigAttribute weca = findConfigAttribute(attributes);
if (weca == null) {
// , ACCESS_ABSTAIN:0
return ACCESS_ABSTAIN;
}
// DefaultWebSecurityExpressionHandler EvaluationContext
EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication,
fi);
ctx = weca.postProcess(ctx, fi);
// Web weca , ctx,
// , boolean
// true, ACCESS_GRANTED:1, ACCESS_DENIED:-1
return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED
: ACCESS_DENIED;
}
소스 코드 분석
소스 버 전: 5.1.2. RELEASE
package org.springframework.security.web.access.expression;
import org.springframework.security.access.expression.AbstractSecurityExpressionHandler;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.access.expression.SecurityExpressionOperations;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.util.Assert;
public class DefaultWebSecurityExpressionHandler extends
AbstractSecurityExpressionHandler<FilterInvocation> implements
SecurityExpressionHandler<FilterInvocation> {
// Authentication anonymous, rememberMe
// AuthenticationTrustResolverImpl
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
//
private String defaultRolePrefix = "ROLE_";
// token authentication fi SecurityExpressionOperations,
// SecurityExpressionOperations EvaluationContext
@Override
protected SecurityExpressionOperations createSecurityExpressionRoot(
Authentication authentication, FilterInvocation fi) {
WebSecurityExpressionRoot root = new WebSecurityExpressionRoot(authentication, fi);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(trustResolver);
root.setRoleHierarchy(getRoleHierarchy());
root.setDefaultRolePrefix(this.defaultRolePrefix);
return root;
}
/**
* Sets the AuthenticationTrustResolver to be used. The default is
* AuthenticationTrustResolverImpl.
*
* @param trustResolver the AuthenticationTrustResolver to use. Cannot be
* null.
*/
public void setTrustResolver(AuthenticationTrustResolver trustResolver) {
Assert.notNull(trustResolver, "trustResolver cannot be null");
this.trustResolver = trustResolver;
}
/**
*
* Sets the default prefix to be added to
* org.springframework.security.access.expression.SecurityExpressionRoot#hasAnyRole(String...)
* or org.springframework.security.access.expression.SecurityExpressionRoot#hasRole(String).
* For example, if hasRole("ADMIN") or hasRole("ROLE_ADMIN")
* is passed in, then the role ROLE_ADMIN will be used when the defaultRolePrefix is
* "ROLE_" (default).
*
* hasAnyRole(String...) hasRole(String) 。 ,
* "ROLE_"。
*
* If null or empty, then no default role prefix is used.
* , null "", 。
*
* @param defaultRolePrefix the default prefix to add to roles. Default "ROLE_".
*/
public void setDefaultRolePrefix(String defaultRolePrefix) {
this.defaultRolePrefix = defaultRolePrefix;
}
}
WebExpressionVoter
계승 DefaultWebSecurityExpressionHandler
, 진정 으로 AbstractSecurityExpressionHandler
을 만 드 는 방법 도 현재 이 종류 에서:package org.springframework.security.access.expression;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.expression.BeanFactoryResolver;
import org.springframework.expression.BeanResolver;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
/**
* Base implementation of the facade which isolates Spring Security's requirements for
* evaluating security expressions from the implementation of the underlying expression
* objects.
* Spring Security , , Web , 。
*
* @author Luke Taylor
* @since 3.1
*/
public abstract class AbstractSecurityExpressionHandler<T> implements
SecurityExpressionHandler<T>, ApplicationContextAware {
// spel parser
private ExpressionParser expressionParser = new SpelExpressionParser();
private BeanResolver br;
private RoleHierarchy roleHierarchy;
// denyAll
private PermissionEvaluator permissionEvaluator = new DenyAllPermissionEvaluator();
public final ExpressionParser getExpressionParser() {
return expressionParser;
}
public final void setExpressionParser(ExpressionParser expressionParser) {
Assert.notNull(expressionParser, "expressionParser cannot be null");
this.expressionParser = expressionParser;
}
/**
* Invokes the internal template methods to create StandardEvaluationContext
* and SecurityExpressionRoot objects.
*
* @param authentication the current authentication object
* @param invocation the invocation (filter, method, channel)
* @return the context object for use in evaluating the expression, populated with a
* suitable root object.
*/
public final EvaluationContext createEvaluationContext(Authentication authentication,
T invocation) {
// createEvaluationContext ,
// SecurityExpressionOperations
SecurityExpressionOperations root = createSecurityExpressionRoot(authentication,
invocation);
// EvaluationContext, StandardEvaluationContext
StandardEvaluationContext ctx = createEvaluationContextInternal(authentication,
invocation);
// bean, bean , Spring bean
ctx.setBeanResolver(br);
// EvaluationContext SecurityExpressionOperations root
ctx.setRootObject(root);
return ctx;
}
/**
* Override to create a custom instance of StandardEvaluationContext.
* StandardEvaluationContext ,
* StandardEvaluationContext ,
* StandardEvaluationContext
*
* The returned object will have a SecurityExpressionRootPropertyAccessor
* added, allowing beans in the ApplicationContext to be accessed via
* expression properties.
*
* @param authentication the current authentication object
* @param invocation the invocation (filter, method, channel)
* @return A StandardEvaluationContext or potentially a custom subclass if
* overridden.
*/
protected StandardEvaluationContext createEvaluationContextInternal(
Authentication authentication, T invocation) {
return new StandardEvaluationContext();
}
/**
* Implement in order to create a root object of the correct type for the supported
* invocation type.
*
* @param authentication the current authentication object
* @param invocation the invocation (filter, method, channel)
* @return the object wh
*/
protected abstract SecurityExpressionOperations createSecurityExpressionRoot(
Authentication authentication, T invocation);
protected RoleHierarchy getRoleHierarchy() {
return roleHierarchy;
}
public void setRoleHierarchy(RoleHierarchy roleHierarchy) {
this.roleHierarchy = roleHierarchy;
}
protected PermissionEvaluator getPermissionEvaluator() {
return permissionEvaluator;
}
public void setPermissionEvaluator(PermissionEvaluator permissionEvaluator) {
this.permissionEvaluator = permissionEvaluator;
}
public void setApplicationContext(ApplicationContext applicationContext) {
br = new BeanFactoryResolver(applicationContext);
}
}
이 내용에 흥미가 있습니까?
현재 기사가 여러분의 문제를 해결하지 못하는 경우 AI 엔진은 머신러닝 분석(스마트 모델이 방금 만들어져 부정확한 경우가 있을 수 있음)을 통해 가장 유사한 기사를 추천합니다:
[MeU] Hashtag 기능 개발➡️ 기존 Tag 테이블에 존재하지 않는 해시태그라면 Tag , tagPostMapping 테이블에 모두 추가 ➡️ 기존에 존재하는 해시태그라면, tagPostMapping 테이블에만 추가 이후에 개발할 태그 기반 ...
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
CC BY-SA 2.5, CC BY-SA 3.0 및 CC BY-SA 4.0에 따라 라이센스가 부여됩니다.